
kd> g
hWndChild = 0x000A0402
Break instruction exception - code 80000003 (first chance)
001b:7557d352 cc              int     3
kd> .reload /f win32kbase.sys
kd> .reload /f win32kfull.sys
kd> .reload /f symhelp.sys
kd> .load jswd
kd> !js D:\root\WorkCode\jswd_script\syn\hwnd.js 0x000A0402
[hWnd] 0x000a0402 -> [pWnd] 0x958139c8 

kd> dt win32kfull!tagWND spmenu 0x958139c8 
   +0x078 spmenu : 0xffffffeb tagMENU
kd> ba r 4 0x958139c8+ 0x078
kd> g
Breakpoint 0 hit
win32kfull!xxxNextWindow+0x253:
94393f70 85c0            test    eax,eax
kd> r
eax=ffffffeb ebx=93ad2c48 ecx=958229f0 edx=0000c035 esi=00000000 edi=958139c8
eip=94393f70 esp=89f4f9a0 ebp=89f4fa08 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
win32kfull!xxxNextWindow+0x253:
94393f70 85c0            test    eax,eax
kd> t
win32kfull!xxxNextWindow+0x255:
94393f72 7404            je      win32kfull!xxxNextWindow+0x25b (94393f78)
kd> t
win32kfull!xxxNextWindow+0x257:
94393f74 83481404        or      dword ptr [eax+14h],4
kd> r
eax=ffffffeb ebx=93ad2c48 ecx=958229f0 edx=0000c035 esi=00000000 edi=958139c8
eip=94393f74 esp=89f4f9a0 ebp=89f4fa08 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286
win32kfull!xxxNextWindow+0x257:
94393f74 83481404        or      dword ptr [eax+14h],4 ds:0023:ffffffff=????????
